Trump Issues Executive Order on Cybersecurity

On May 11, President Trump signed an executive order on cybersecurity designed to protect federal government networks and critical infrastructure, including the nation’s power grid.

In a statement issued the same day, the American Public Power Association voiced support for the executive order and said that, “As threats evolve, so too must the efforts of industry and government to mitigate them.”

The executive order directs the secretary of Energy and the secretary of Homeland Security, in consultation with the director of National Intelligence and state local, tribal and territorial governments, to jointly assess “the potential scope and duration of a prolonged power outage associated with a significant cyber incident” against the U.S. electric sector and to assess the nation’s readiness to manage the consequences of such an incident and to identify “any gaps or shortcomings in assets or capabilities required to mitigate the consequences of such an incident.”

The assessment shall be provided to the president, within 90 days, and “may be classified in full or in part, as appropriate,” says the order, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”

The executive order also lays out a number of steps that are to be taken by federal agencies.

“The executive branch has for too long accepted antiquated and difficult-to-defend IT,” the order says. “Effective immediately, it is the policy of the executive branch to build and maintain a modern, secure, and more resilient executive branch IT architecture.”

“Agency heads will be held accountable by the President for implementing risk management measures commensurate with the risk and magnitude of the harm that would result” from unauthorized access to IT and data, or disclosure or modification of such data.

The order directs the secretary of Homeland Security, in coordination with the secretary of Defense, the attorney general, the director of National Intelligence, and the FBI director, as well as heads of other appropriate agencies, to identify “authorities and capabilities that agencies could employ to support he cybersecurity efforts of critical infrastructure entities” that are at greatest risk of “attacks that could reasonable result in catastrophic regional or national effects on public health or safety, economic security, or national security.”

The secretaries of Commerce and Homeland Security also “shall jointly lead an open and transparent process to identify and promote action by appropriate stakeholders to improve the resilience of the internet and communications ecosystem” and to work on the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets),” the order said.

Public power: Grid’s security is a top priority

“The American Public Power Association supports President Trump’s executive order on cybersecurity,” the Association said in its May 11 statement. “The security of the electric grid is a top priority for the Association and the industry at large. We will continue to work with the Administration to ensure that strong partnerships exist across industry and government to protect the electric grid.

“As threats evolve, so too must the efforts of industry and government to mitigate them. These efforts are united through a partnership known as the Electricity Subsector Coordinating Council (ESCC). Comprised of electric utility CEOs, trade association heads, grid operators, and officials from the White House, DOE, DHS, FERC, and the FBI, the ESCC works to mitigate and respond to national-level incidents or threats to electric sector critical infrastructure.

“We look forward to continuing to work with the Administration on this critical issue.”